# Domain Risk Details Report

Use the *Domain Risk Details* report to understand why a referral domain was flagged for domain reputation risk in *Event Risk*. The report surfaces specific reputation triggers detected for a single domain. These triggers help you distinguish between dangerous signals, such as malware, from less severe concerns, like abnormal traffic.

You must enter a domain to run the report. The output shows impact.com’s risk assessment for the domain you enter and does not include performance or partner-specific metrics.

### Access the report

1. From the left navigation menu, select ![](/files/R8AxmtABBX7EqHjIMAwy) **\[Protect] → Event Risk**.
2. Select **Reports →** [**Domain Risk Details**](https://app.impact.com/secure/advertiser/protect/report/viewReport.report?id=17750).
3. On the report page, set your filters at the top, then select **Apply**.
4. Use the icons at the top-right to *pin*, *schedule*, or *download* the report (PDF, Excel, or CSV).

For details on the filters and columns, see the *Filter reference* and *Reputation triggers reference* below.

### Filter reference

Use these filters to control the scope of data returned:

<table data-header-hidden="false" data-header-sticky><thead><tr><th>Filter</th><th>Description</th></tr></thead><tbody><tr><td>Date Range</td><td><p>Select start and end dates to view the domain’s risk signals for that period. Daily reputation is evaluated; multiple days can be queried.</p><p>Domain risk is reevaluated daily, but only one row will be present in the report and will show the most recent evaluation for the date range if the evaluations are the same.</p></td></tr><tr><td>Domain</td><td>Enter the referral domain you want to assess (e.g. starkindustries.com). This filter is required to run the report. If visited via drilldown from one of the other reports, the domain will be auto-populated. If adding directly, remove the scheme (https:// and subdomain e.g. www.)</td></tr></tbody></table>

<div data-with-frame="true"><figure><img src="/files/WuhARDZ0Jyt6HGxKfaK3" alt=""><figcaption></figcaption></figure></div>

### Reputation triggers reference

These columns explain why the entered domain has been flagged by *Event Risk*’s reputation system. Multiple triggers can be true at the same time for a single domain.

<table data-header-hidden="false" data-header-sticky><thead><tr><th>Column</th><th>Description</th><th>Risk level</th></tr></thead><tbody><tr><td>Domain</td><td>The referral domain you queried.</td><td><br></td></tr><tr><td>Last Scored Date</td><td>The last date on which the domain was flagged for an Event Risk score.</td><td><br></td></tr><tr><td>Malware</td><td>This indicates when the domain is associated with malware distribution or compromise. Typically considered high or critical severity. This domain has been associated with malware, which could be involved in deploying cookie-stuffing scripts or other illicit behavior.</td><td><p><code>CRITICAL</code></p><p>i.e. if we see this signal, we will filter these clicks out from reporting and attribution.</p></td></tr><tr><td>Single Source Traffic</td><td>This indicates when traffic originates disproportionately from a single source, indicating potential manipulation or inorganic patterns.</td><td><code>SUSPECT</code></td></tr><tr><td>Ad Spamming</td><td>This indicates when the domain exhibits spammy advertising behaviors (for example, excessive ad calls or stacked placements).</td><td><code>SUSPECT</code></td></tr><tr><td>Copyright Risk</td><td>This indicates when the domain shows content or distribution patterns associated with copyright infringement risk. Google has delisted URLs for copyright infringement. Any partner stealing content from another site for gain is against our Terms thus clicks from this signal will be disregarded as illegitimate.</td><td><p><code>CRITICAL</code></p><p>i.e. if we see this signal, we will filter these clicks out from reporting and attribution.</p></td></tr><tr><td>Low Engagement</td><td>This indicates that users spend very little time on the partner’s website and bounce more frequently than normal. This is a common sign of bot behavior.</td><td><code>SUSPECT</code></td></tr><tr><td>Abnormal Traffic</td><td>Indicates when anomalous traffic patterns are detected (for example, irregular spikes, bot-like cadence). This looks for a large concentration of traffic in a small number of IPs.</td><td><code>SUSPECT</code></td></tr><tr><td>Adult Content</td><td>Indicates when content is for a mature audience and not safe for work or minors.</td><td><code>SUSPECT</code></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/domain-risk-details-report.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.